CVE-2025-66595 in FAST TOOLS
Summary
by MITRE • 02/09/2026
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product is vulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link crafted by an attacker, the user’s account could be compromised.
The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Analysis
by VulDB Data Team • 03/06/2026
CVE-2025-66595 is a critical cross-site request forgery (CSRF) vulnerability in Yokogawa Electric Corporation's FAST/TOOLS suite, affecting versions R9.01 through R10.04 of the RVSVRN, UNSVRN, HMIWEB, FTEES and HMIMOB packages. The flaw resides in the web-based user interface components of the industrial automation platform, which makes it a significant risk for operational technology environments. It stems from inadequate validation of request origin and missing anti-forgery tokens in the web application's authentication flow, allowing an attacker to craft deceptive links that execute unauthorized actions on behalf of an authenticated user. The weakness operates at the application layer and is classified as CWE-352 (Cross-Site Request Forgery). It directly affects the integrity and confidentiality of industrial control systems: successful exploitation could let an attacker perform administrative functions, modify system configurations, or access sensitive operational data without authorization.
The operational impact extends beyond conventional web application security because FAST/TOOLS monitors and controls industrial processes. When an authenticated user opens a malicious link, the server processes the resulting request as if the legitimate user had issued it, potentially allowing an attacker to manipulate process variables, alter alarm settings, or reach restricted system functions. This is particularly dangerous in industrial environments, where unauthorized access can lead to production disruption, safety hazards, or physical damage to equipment. Because the vulnerability sits in the platform's authentication and authorization mechanisms, it also creates a pathway to privilege escalation and persistent access to control interfaces. Security frameworks such as NIST SP 800-53 and ISO/IEC 27001 stress proper anti-forgery mechanisms in industrial control systems, which makes this vulnerability especially concerning for organizations in regulated industries.
Mitigation of CVE-2025-66595 must combine immediate defensive measures with longer-term architectural improvements in the FAST/TOOLS environment. Organizations should require anti-forgery tokens on every state-changing operation in the web interfaces, so that each such request carries a unique, unpredictable value the attacker cannot supply. Network segmentation and access controls should be tightened to limit exposure of the vulnerable components, and personnel who use the FAST/TOOLS platform should receive regular security awareness training. Web application firewalls and intrusion detection systems can help identify and block malicious request patterns aimed at this vulnerability. Organizations should also maintain robust patch management so that vendor-provided security updates are deployed promptly; because the vulnerability spans multiple FAST/TOOLS packages, remediation must be coordinated across the entire platform. The ATT&CK framework categorizes this vulnerability under T1531 - Run-time Application Stapling and T1212 - Exploitation for Credential Access, highlighting the need for defensive measures that address both the exploitation techniques and the underlying system weaknesses. Finally, additional monitoring and logging should be put in place to detect suspicious authentication patterns and unauthorized system modifications that could indicate successful exploitation.
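The two controls the analysis calls for (a per-session anti-forgery token on every state-changing request, and validation of the request origin) are shown below as an added example written for this page; it is not code from Yokogawa, FAST/TOOLS or VulDB. The handler names, the `/setpoint` path, the trusted origin `https://hmi.example.internal`, and the session and request objects are all hypothetical stand-ins for a web HMI, constructed so the example runs offline. The unprotected handler is kept beside the hardened one so the difference in behaviour on a forged cross-site request is visible.

```python
# Added example (not FAST/TOOLS code): a minimal synchronizer-token + Origin-check
# CSRF defence for a state-changing HMI request, beside the unprotected form.
# All endpoint names, origins and session data below are hypothetical.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Hypothetical trusted origin(s) of the HMI web front-end.
ALLOWED_ORIGINS = {"https://hmi.example.internal"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Session:
    """Server-side session; the CSRF token is bound to it, never placed in a URL."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Constructed stand-in for an HTTP request as the server sees it."""
    method: str
    path: str
    headers: Dict[str, str]
    form: Dict[str, str]
    session: Optional[Session]  # resolved from the cookie the browser attaches


def vulnerable_handler(req: Request) -> Tuple[int, str]:
    """Before: trusts the session cookie alone, so a cross-site form post succeeds."""
    if req.session is None:
        return 401, "unauthenticated"
    return 200, f"setpoint updated by {req.session.user}"


def origin_allowed(headers: Dict[str, str]) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is trusted.
    If neither header is present the check fails closed."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin in ALLOWED_ORIGINS
    referer = headers.get("Referer")
    if referer is not None:
        return any(referer.startswith(o + "/") for o in ALLOWED_ORIGINS)
    return False


def csrf_check(req: Request) -> bool:
    """Synchronizer-token check plus Origin validation for state-changing methods."""
    if req.method not in STATE_CHANGING:
        return True  # safe methods must not change state, so no token is required
    if req.session is None or not origin_allowed(req.headers):
        return False
    submitted = req.form.get("csrf_token", "")
    # Constant-time comparison against the token held in the server-side session.
    return hmac.compare_digest(submitted, req.session.csrf_token)


def hardened_handler(req: Request) -> Tuple[int, str]:
    """After: rejects any state-changing request lacking a valid token or trusted origin."""
    if req.session is None:
        return 401, "unauthenticated"
    if not csrf_check(req):
        return 403, "csrf check failed"
    return 200, f"setpoint updated by {req.session.user}"


def run_demo() -> Dict[str, int]:
    """Drive both handlers with constructed legitimate and forged requests."""
    sess = Session(user="operator")
    legit = Request("POST", "/setpoint", {"Origin": "https://hmi.example.internal"},
                    {"tag": "PT101", "value": "42", "csrf_token": sess.csrf_token}, sess)
    # Forged request: the victim's browser attaches the session cookie, but the
    # Origin is a foreign site and the per-session token is not present.
    forged = Request("POST", "/setpoint", {"Origin": "https://foreign.example"},
                     {"tag": "PT101", "value": "999"}, sess)
    # Same-origin request that lost its token (e.g. a stale form) is also refused.
    no_token = Request("POST", "/setpoint", {"Origin": "https://hmi.example.internal"},
                       {"tag": "PT101", "value": "42"}, sess)
    # A safe read with no headers at all is fine, because GET must not change state.
    read = Request("GET", "/status", {}, {}, sess)
    return {
        "vulnerable_forged": vulnerable_handler(forged)[0],
        "hardened_legit": hardened_handler(legit)[0],
        "hardened_forged": hardened_handler(forged)[0],
        "hardened_no_token": hardened_handler(no_token)[0],
        "hardened_read": hardened_handler(read)[0],
    }


if __name__ == "__main__":
    for name, status in run_demo().items():
        print(f"{name}: {status}")
```

Two design points matter in practice: the token is compared with `hmac.compare_digest` so a timing side channel cannot leak it, and a state-changing request with neither an `Origin` nor a `Referer` header is rejected rather than waved through, since some intermediaries strip those headers and an attacker-controlled page can suppress them. Either check alone is weaker than both together.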